Files
rutster/DCO.md
opencode controller 7270a608dc
All checks were successful
CI / fmt (pull_request) Successful in 1m38s
CI / clippy (pull_request) Successful in 2m22s
CI / test (1.85) (pull_request) Successful in 5m27s
CI / test (stable) (pull_request) Successful in 6m7s
CI / deny (pull_request) Successful in 2m3s
docs: require DCO signoff on every commit (fixes #6 from adversarial review)
Every commit MUST be signed off (git commit -s). Preserves the
copyright-holder's option to dual-license later — without a DCO/CLA
instrument, every external contribution erodes that option (ADR-0004).
Particularly load-bearing under multi-agent parallel authorship, where
multiple sessions commit in parallel and the DCO is the only per-commit
aggregation instrument.

Adds DCO.md with the full Linux-Foundation DCO text + the agents-sign-off-
with-the-human's-identity rule. AGENTS.md Git workflow gains the DCO bullet.
2026-07-01 20:12:49 -04:00

3.0 KiB

Developer Certificate of Origin (DCO)

Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation. All rights reserved.

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.


How to sign off

Every commit MUST be signed off. Use git commit -s (or git commit --signoff) to add the attestation line automatically:

$ git commit -s -m "feat: add barge-in reflex"

commit 0123456789abcdef...
Author: A.D. Lee <alee@example.com>
Date:   Wed Jul 2 10:00:00 2026 +0000

    feat: add barge-in reflex

    Signed-off-by: A.D. Lee <alee@example.com>

The Signed-off-by: Name <email> line is the canonical DCO attestation. The name and email MUST match the git author identity.

Why DCO (not a CLA)

The DCO is a per-commit attestation (lightweight, no registration), not a Contributor License Agreement (which would require a one-time grant + tracking). The DCO preserves the copyright-holder's option to dual-license the project later — every contributor retains their own copyright but attests they have the right to contribute under GPL-3.0-or-later (the project's license, ADR-0004). See ADR-0004 for the license decision and the dual-license rationale.

For agents committing on behalf of a human

An AI agent that commits code on behalf of a human operator MUST sign off with the human's name + email, not the agent's own identity. The human is the contributor of record; the agent is the instrument. The DCO attestation certifies the human's right to contribute, not the agent's.

# Correct — the human (alee) is the contributor of record
Signed-off-by: A.D. Lee <alee@example.com>

# WRONG — the agent is not a legal entity that can hold copyright
Signed-off-by: opencode-agent <agent@example.com>

CI (planned) will reject commits missing a valid Signed-off-by line matching the author identity.